Lucene search
K

182 matches found

CVE
CVE
added 2020/08/20 3:55 p.m.49 views

CVE-2020-4687

CVE-2020-4687 affects IBM Content Navigator in IBM Case Manager, with prior public details indicating that authenticated users could access another user’s cached content. Connected IBM advisories confirm the vulnerability in IBM Content Navigator 3.0.7/3.0.8 and provide remediation guidance. Reme...

4.3CVSS4.4AI score0.01046EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/04/15 8:15 p.m.24 views

Cross site request forgery (csrf)

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo...

5CVSS8.4AI score0.03935EPSS
Exploits0References8Affected Software3
Debian CVE
Debian CVE
added 2020/04/13 5:30 p.m.22 views

CVE-2020-6442

Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

4.3CVSS5.8AI score0.01905EPSS
Exploits1
OSV
OSV
added 2020/04/08 11:15 p.m.4 views

UBUNTU-CVE-2020-11653

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss...

7.5CVSS7.1AI score0.02106EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/03/23 8:13 p.m.5 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/02/12 2:45 p.m.29 views

CVE-2013-2010

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...

9.7AI score0.73862EPSS
Exploits4References4
Node.js
Node.js
added 2019/07/18 9:30 p.m.17 views

Denial of Service

Overview Versions of mem prior to 4.0.0 are vulnerable to Denial of Service DoS. The package fails to remove old values from the cache even after a value passes its maxAge property. This may allow attackers to exhaust the system's memory if they are able to abuse the application logging...

6.8AI score
Exploits0Affected Software1
Debian CVE
Debian CVE
added 2019/05/16 9:20 p.m.55 views

CVE-2019-10912

In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...

7.1CVSS7AI score0.02302EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.26 views

F5 Networks BIG-IP : BIG-IP DNS Cache vulnerability (K48224824)

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. CVE-2018-5532...

5.3CVSS5.7AI score0.01165EPSS
Exploits0References2
OSV
OSV
added 2018/10/18 1:29 p.m.8 views

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

7CVSS6AI score
Exploits0References18
OSV
OSV
added 2018/10/03 1:41 p.m.7 views

USN-3778-1 firefox vulnerabilities

A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code...

9.1CVSS7AI score0.13417EPSS
Exploits3References4
Debian CVE
Debian CVE
added 2018/08/29 1:0 p.m.47 views

CVE-2018-8005

When there are multiple ranges in a range request, Apache Traffic Server ATS will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgra...

5.3CVSS5.5AI score0.06895EPSS
Exploits0
CNVD
CNVD
added 2018/04/26 12:0 a.m.4 views

Multiple IBM Products Jazz Team Server Information Disclosure Vulnerability

IBM Rational Collaborative Lifecycle Management CLM and others are products of IBM Corporation in the U.S. IBM Rational Collaborative Lifecycle Management is a set of collaborative lifecycle management solutions.Rational Rational Collaborative Lifecycle Management CLM is a collaborative lifecycle...

4.3CVSS6.3AI score0.00963EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/04/18 2:0 p.m.26 views

CVE-2014-10051

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is...

9.7AI score0.01252EPSS
Exploits0References2
CVE
CVE
added 2018/04/18 2:0 p.m.61 views

CVE-2014-10051

CVE-2014-10051 affects Android devices with Qualcomm Snapdragon Mobile/Wear platforms (e.g., MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/212/205, SD 400, SD 410/12, SDX20). After loading a dynamically loaded code section, the I-Cache is not invalidated, allowi...

10CVSS8.5AI score0.01252EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/02/23 12:0 a.m.25 views

Linux kernel fs/f2fs/extent_cache.c file denial of service vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the fs/f2fs/extentcache.c file in Linux kernel versions prior to 4.13. An attacker can exploit this vulnerability to cause a denial ...

5.5CVSS7.2AI score0.00379EPSS
Exploits0References1
CNVD
CNVD
added 2018/02/09 12:0 a.m.3 views

Code Execution Vulnerability in LzCMS v1.1.4

LzCMS Lao Zhang Content Management System is a simple blog system made by ThinkPHP+layui. A code execution vulnerability exists in LzCMS v1.1.4, which is due to the system failing to effectively filter data written to cache files. Attackers can use this vulnerability to upload Trojan horse files...

7.7AI score
Exploits0
Hacker One
Hacker One
added 2017/12/30 6:58 p.m.54 views

GitLab: GitLab CI runner can read and poison cache of all other projects

The GitLab CI runner allows users to cache files and directories in between runs. These files are stored in a ZIP file and uploaded to a shared cache instance. In my testing, the files were uploaded to runners-cache-4-internal.gitlab.com and runners-cache-3-internal.gitlab.com, even for dedicated...

6.5CVSS0.5AI score0.04609EPSS
Exploits0
Mageia
Mageia
added 2017/11/20 9:18 p.m.27 views

Updated sssd packages fix security vulnerability

SSSD stores its cached data in an LDAP like local database file using libldb. To lookup cached data LDAP search filters like 'objectClass=user name=username' are used. However, in sysdbsearchuserbyupnres, the input is not sanitized and allows to manipulate the search filter for cache lookups. Thi...

8.8CVSS1.5AI score0.01499EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2017/09/28 12:0 a.m.7 views

The vulnerability in the cache server of the Cisco Videoscape Distribution Suite allows a attacker to cause a service failure or a device restart.

The vulnerability in the cache server of the Cisco Videoscape Distribution Suite arises from operations that go beyond the buffer limits in memory, due to an excessive number of active connections. Exploiting this vulnerability allows a malicious actor to trigger a device reboot or a service...

7.8CVSS7.5AI score0.01738EPSS
Exploits0References3
Rows per page
Query Builder